package com.pj.config;


import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                //   说明/product/api/*：仅匹配一级路径，适用于简单的、扁平化的API结构。
                //   说明/product/api/**：匹配所有层级的路径，适用于更复杂的、多层级的API结构。
                .antMatchers("/product/api/**").permitAll() // 允许所有用户访问此路径
                .anyRequest().authenticated(); // 其他请求需要认证
    }
}
